In this example we will add the created payload to the C# source code of a calculator program. The source code used will be made available for download.

Open calculator-payload.cs with Notepad++ or any other file editor.

Note the System namespaces it requires (System.Collections.Generic, System.Text, System.IO etc.) and the class and static void parts of the program.

Open the source code of your choice or use the attached calculator source code.

Once Visual Studio opens, it should look similar to what is shown below:

Now we need to make sure the program includes all required system namespaces. For this we need to add all system namespaces that are not included in the original source code. In this case this will look as shown below:

Notice that System.Text, System.IO and System.Reflection are added.

Now we need to add our code in both the Static class and Static void parts of the original program:

This can be done by copying and pasting the code from the Notepad++ session, as shown in step 1.

Once you are done, the result should look similar to what is shown below:

When you copy the code in after the Application.Run part, the program will run normally and start Form1() as expected. Once this form is closed, the program will execute the payload before shutting down.

Assemble your new Calculator application

Before we assemble the modified source code you can change the assembly name or Icon to whatever you like. In this case I will make sure the program gets assembled with the name Calculator-Demo.exe and will use the Windows Calculator symbol as an Icon.

Once done, click on Build Solution or F7 in Visual Studio and make sure the outcome does not state any errors:

Your newly created Trojan is now ready to be tested.
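A reviewer who holds the known-good source can check a copy for the two changes this step makes: `using` directives that were not in the original, and statements placed after `Application.Run`. The Python script below is an added example, not part of the original tutorial; both sample sources and the `RunAfterClose()` placeholder name are constructed for illustration.

```python
import re

USING_RE = re.compile(r"^\s*using\s+([\w.]+)\s*;", re.MULTILINE)
COMMENT_RE = re.compile(r"//[^\n]*|/\*.*?\*/", re.DOTALL)

def namespaces(source):
    return set(USING_RE.findall(COMMENT_RE.sub("", source)))

def added_namespaces(baseline, candidate):
    """Namespaces the candidate imports that the known-good baseline does not."""
    return sorted(namespaces(candidate) - namespaces(baseline))

def code_after_run(source):
    """Statements following Application.Run(...) in the same block."""
    # Heuristic: Application.Run is normally the last call in a WinForms Main().
    text = COMMENT_RE.sub("", source)
    match = re.search(r"Application\s*\.\s*Run\s*\(", text)
    end = text.find(";", match.end()) if match else -1
    if end == -1:
        return []
    depth, i = 0, end + 1
    while i < len(text):  # walk to the brace that closes the enclosing block
        if text[i] == "{":
            depth += 1
        elif text[i] == "}":
            if depth == 0:
                break
            depth -= 1
        i += 1
    return [s.strip() for s in text[end + 1:i].split(";") if s.strip()]

# Constructed sample: a minimal WinForms entry point used as the baseline ...
BASELINE = """using System;
using System.Collections.Generic;
using System.Windows.Forms;
static class Program {
    static void Main() {
        Application.Run(new Form1());
    }
}
"""
# ... and a modified copy with extra imports and a harmless placeholder call.
CANDIDATE = BASELINE.replace(
    "using System;\n", "using System;\nusing System.IO;\nusing System.Reflection;\nusing System.Text;\n", 1
).replace("Run(new Form1());", "Run(new Form1());\n        RunAfterClose();")

print(added_namespaces(BASELINE, CANDIDATE), code_after_run(CANDIDATE))
```

Extra imports on their own are common in legitimate code, so treat the two findings together as a prompt for manual review of the entry point rather than as a verdict.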

Step 4. Test your newly created Trojan

To test your Trojan we will need to do the following:

Copy the Calculator-Demo.exe to a victim machine

Start a Metasploit HTTPS reverse handler on the attacker's machine

Execute the calculator

Check for a successful Meterpreter connection

Step 1. Copy the Calculator-Demo.exe

In this example I will copy the Calculator-Demo.exe to a fully patched Windows 8.1 system which is running a Trend Micro antivirus and an RSA ECAT agent.